Disk drives receive read and write requests from host computers in many storage systems. For security, data stored on the disk drives needs to be encrypted. In order to secure the data, important issues arise as to how to secure the data being stored and where to store the cryptographic keys.
In some storage systems, the host computer sends both the cryptographic key and the data to the drive. In this operation, the host controls both the cryptographic keys and data flow.
In other storage systems, the cryptographic keys are stored on a central key server. Timely and secure management of a large number of cryptographic keys in a single server is a difficult task. For instance, problems can arise since many different users or hosts need to be authenticated at the server in order to access the cryptographic keys. Further, if the cryptographic key is stored within the server, then the server that supports the corresponding disk array controller must be aware of the specific requirements associated with storing each cryptographic key.
In still other storage systems, the cryptographic key is stored in the disk array controller. If the array controller fails, however, then the stored cryptographic key becomes trapped within the failed controller and the associated data stored on the disks is not accessible.